Here is a Cyber Essentials checklist that can help you prepare for the IASME Cyber Essentials certification and easily keep it up to date once you have passed.
What is Cyber Essentials Certification?
The Cyber Essentials certification is a cybersecurity certification developed by the UK Government to help organisations, especially small and medium-sized enterprises (SMEs), demonstrate their commitment to cybersecurity and to protect themselves against cyber attacks.
To obtain the Cyber Essentials certification, you must demonstrate that you meet a set of basic cybersecurity controls that help to protect against common cyber threats. The Cyber Essentials certification is available at two levels: Cyber Essentials and Cyber Essentials Plus. Cyber Essentials Plus includes additional testing and verification of your cybersecurity controls.
The Cyber Essentials checklist
Here is a Cyber Essentials checklist that can help you prepare for the IASME Cyber Essentials certification and easily keep it up to date once you have passed.
- Download a copy of the IASME Cyber Essentials questionnaire and review it thoroughly to understand the requirements and scope of the certification.
- Conduct an initial gap analysis to identify any areas where your organisation may not be compliant with the Cyber Essentials requirements (see the 5 pillars below).
- Implement appropriate security controls to address any identified gaps. This may include technical, procedural, and physical controls.
- Train your staff on cyber security best practices, such as password hygiene, data protection, and safe browsing.
- Conduct regular vulnerability scans and penetration testing to identify and remediate any potential security vulnerabilities.
- Implement access controls and user management practices to ensure that only authorised personnel have access to sensitive data and systems.
- Document your security policies and procedures, including incident response plans, and ensure that they are regularly reviewed and updated.
- Conduct a self-assessment of your compliance with the Cyber Essentials requirements to identify any remaining areas of non-compliance.
- Engage an IASME-accredited certification body to conduct a formal assessment of your compliance with the Cyber Essentials requirements.
- Address any issues identified during the assessment, and work with the certification body to demonstrate your compliance with the Cyber Essentials requirements.
- Once certified, maintain your compliance by regularly reviewing and updating your security controls and policies, and conducting ongoing staff training and awareness activities.
What 5 pillars of cyber security should my Cyber Essentials checklist cover?
The five aspects of cybersecurity that Cyber Essentials Certification looks at should form the core of your checklist. They are to following:
Boundary firewalls and internet gateways
Cyber Essentials requires that organisations have firewalls and other security measures in place to protect their network from unauthorised access, and to prevent malware and other malicious traffic from entering or leaving their network.
Secure configuration
Cyber Essentials requires that organisations have secure configurations for all devices and software used in their network, to minimise the risk of vulnerabilities being exploited.
Access control
Cyber Essentials requires that organisations have appropriate access controls in place, to ensure that only authorised individuals can access sensitive data and systems.
Malware protection
Cyber Essentials requires that organisations have anti-malware measures in place, such as anti-virus software, to protect against malware and other malicious software.
Patch management
Cyber Essentials requires that organisations have processes in place to ensure that all software and systems are kept up-to-date with security patches and updates, to minimise the risk of vulnerabilities being exploited.
By implementing and demonstrating compliance with these five aspects of cybersecurity, you can enhance your cyber security and reduce the risk of cyber attacks.
If you need help completing your Cyber Essentials checklist
The specific requirements for the IASME Cyber Essentials certification may vary depending on the level of certification you are seeking, as well as your organisation’s size and industry.
It’s important to review the IASME Cyber Essentials checklist carefully and seek guidance from an experienced cyber security professional if you have any questions or concerns.
The 28-page questionnaire is very time-consuming to complete and complex for those who are not IT professionals. Many organisations ultimately find it saves them money to have a professional get them through first time, rather than failing at the first attempt and figuring it out through trial and error.
